On Tue, Jun 26, 2012 at 04:36:46PM -0400, John Eckersberg wrote:
On Tue, 26 Jun 2012 12:16:28 -0500, Steve Linabery
<slinaber(a)redhat.com> wrote:
> Change the behavior of site_admin.pp to rely on a db check
> (via 'rake dc:admin_exists' task) instead of a filesystem check.
> ---
> recipes/aeolus/manifests/conductor/site_admin.pp | 7 +------
> 1 files changed, 1 insertions(+), 6 deletions(-)
>
> diff --git a/recipes/aeolus/manifests/conductor/site_admin.pp
b/recipes/aeolus/manifests/conductor/site_admin.pp
> index 4c3a91d..4f90fca 100644
> --- a/recipes/aeolus/manifests/conductor/site_admin.pp
> +++ b/recipes/aeolus/manifests/conductor/site_admin.pp
> @@ -5,17 +5,12 @@ define aeolus::conductor::site_admin($email="",
$password="", $first_name="", $l
> environment => "RAILS_ENV=production",
> command => "/usr/bin/rake
dc:create_user[${name},${password},${email},${first_name},${last_name}]",
> logoutput => true,
> - creates => "/var/lib/aeolus-conductor/production.admin",
> + unless => '/usr/bin/rake dc:admin_exists',
> require =>
Aeolus::Rails::Seed::Db["seed_aeolus_database"]}
> exec{"grant_site_admin_privs":
> cwd => '/usr/share/aeolus-conductor',
> environment => "RAILS_ENV=production",
> command => "/usr/bin/rake dc:site_admin[${name}]",
> logoutput => true,
> - creates => "/var/lib/aeolus-conductor/production.admin",
> require => Exec[create_site_admin_user]}
> - file{"/var/lib/aeolus-conductor/production.admin":
> - ensure => present,
> - recurse => true,
> - require => Exec['grant_site_admin_privs']}
> }
> --
> 1.7.6.5
>
ACK, with the one enhancement below. This prevents the grant from
running unless the user creation exec actually creates a user.
Previously it would fail if you changed the admin username and then
re-ran configure, because the user creation grant would "succeed"
(e.g. the 'unless' condition was met) and then the grant would run. But
the grant was trying to run for 'admin', and the username was changed to
$something_else.
Hopefully we can finally put this behind us now :)
diff --git a/recipes/aeolus/manifests/conductor/site_admin.pp
b/recipes/aeolus/manifests/conductor/site_admin.pp
index 4f90fca..ad20161 100644
--- a/recipes/aeolus/manifests/conductor/site_admin.pp
+++ b/recipes/aeolus/manifests/conductor/site_admin.pp
@@ -12,5 +12,6 @@ define aeolus::conductor::site_admin($email="",
$password="", $first_name="", $l
environment => "RAILS_ENV=production",
command => "/usr/bin/rake dc:site_admin[${name}]",
logoutput => true,
- require => Exec[create_site_admin_user]}
+ subscribe => Exec[create_site_admin_user],
+ refreshonly => true}
}
Good catch and thanks!
FWIW it errored for me but I missed it in the configure output. IOW, I tested the scenario
you describe; I must have paged past it. Many eyes ftw.
Editing, re-testing, and pushing.
Steve|eggs